C. On the Static URL Filter configuration, set Action to Exempt. Based on the exhibit, the administrator has configured the FortiGuard Category Based Filter to block access to all social networking sites, and has also configured a Static URL Filter to block access to twitter.com. As a result, users are being redirected to a block page when they try to access twitter.com. To allow users to access twitter.com while blocking all other social networking sites, the administrator can make the following configuration change: On the Static URL Filter configuration, set Action to Exempt: By setting the Action to Exempt, the administrator can override the block on twitter.com that was specified in the FortiGuard Category Based Filter. This will allow users to access twitter.com, while all other social networking sites will still be blocked.

When FortiGate performs a web filter check, it will first check the static URL filter list (if applied to the profile) and based on the action, will then perform the FortiGuard category check. 'Action' descriptions in Static URL see bellow: - 'Block' -> destination is blocked and session dropped, no further category check is needed. - 'Allow' -> destination is allowed from the static URL list, FortiGate proceeds with checking the category to decide further action. - 'Exempt' -> destination is exempted from further inspection and traffic is allowed.

C. On the Static URL Filter configuration, set Action to Exempt. Most Voted

Even that in the GUI static URL filter is configured as part of Web Filter profile in the background they are separate. FortiGate will apply the following order of inspection 1)Static URL -> 2) FortiGuard Category Filter -> 3)Advance Filter. When static URL filter is configured to allow FGT will move to next and check if url is allowed or blocked by FortiGuard categories. Exempt action on static url filter will tell FGT to exempt this url from other inspections, by passing FortiGuard categories.

why is everyone choosing C, when the url is not a wildcard. This is a simple entry in the url filter, so change the type to simple. Moreover, static url entry is first checked before others. Also, exempt only means to completely trust the trafficand not pass it through other security check, but here it is still blocked by a webfilter. Meaning something is wrong with the filter definition.

C, but set Action to Exempt.

C. On the Static URL Filter configuration, set Action to Exempt. FortiGate Security 7.2 Study Guide (p.269): "Allow: Access is permitted. Traffic is passed to remaining operations, including FortiGuard web filter, web content filter, web script filters, and antivirus scanning. Exempt: Allows traffic from trusted sources to bypass all security inspections." Reference and download study guide: https://ebin.pub/fortinet-fortigate-security-study-guide-for-fortios-72.html

Correct answer is C: Exempt: when set to exempt, the FortiGate allow the traffic and exempt URL from all further inspection (including FortiGuard catergories which would then block the traffic)

FortiGate Security 7.2 Study Guide p.269

C: (if its not exempt it will still be blocked in a latter filter) Http inspection order >> URL >> static url filter (block/allow/exempt) -> Fortigate category filter (allow block) advanced filters (block/allow) >> displays page

Answer is B since URL filter is checked before category filter. you have to just change to simple

I configured this WebFilter on a FGT on Labo and the answer is B. You need to configure to simple to match with: twitter.com. On the other way, URL filter is evaluated before the Category Filter, so when matches it will pass.

A. It will allow all social networking sites, it is not correct B. It does not help C. Exempt does allow traffic and not inspect it D. Monitor will allow traffic and log it as well "allow" config that is not working

B is the answer, Simple - Allow. This rule will be hit before the Content Filter

C is correct

Correct C

C is correct! Tested this in a lab environment and to make this work as stated in the question the Exempt action is the only way to go, and also *.twimg.com will has to be added to the URL Filter with an Exempt action for this situation to really work!